MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b
SHA3-384 hash:	0f437749067e65eb8e9987bf5ded14dab6672107eec26b2e3008f1f3e366797b50dac2783910ac11a1b6d33ec5956fa2
SHA1 hash:	bb10c74d333bcbd56fcbfc8e6da7ab6c574e759e
MD5 hash:	d6cce7e3a4bf64dcfa7d48a55530d4b4
humanhash:	snake-red-dakota-delaware
File name:	password. qq (1).apk
Download:	download sample
File size:	431'618 bytes
First seen:	2026-03-31 16:03:23 UTC
Last seen:	Never
File type:	apk
MIME type:	application/zip
ssdeep	12288:Cu523X/T4MHn1Bn/wdcvFRD7ecL1tMsS+:CuYDHT4q7D7B1o+
TLSH	T12D94236BFE52D683F12679BC5104AC42519A662DFDF4A07F0C0822A7DEFADD84F4294C
TrID	60.6% (.APK) Android Package (27000/1/5) 30.3% (.JAR) Java Archive (13500/1/2) 8.9% (.ZIP) ZIP compressed archive (4000/1)
Magika	apk
Reporter	BastianHein
Tags:	apk screenlocker signed

Code Signing Certificate

Organisation:	z
Issuer:	z
Algorithm:	sha256WithRSAEncryption
Valid from:	2015-09-22T12:20:51Z
Valid to:	2125-03-29T12:20:51Z
Serial number:	139a3b79
Thumbprint Algorithm:	SHA256
Thumbprint:	925756c8cdef4f43e9fded2d13de470c999492949730f1b45224c519a9acbcf9
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

119

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

Andr.Ransomware.Slocker-6803814-0

Andr.Ransomware.Slocker-6803848-0

Andr.Ransomware.Slocker-6804563-0

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

android base64 crypto evasive invalid-signature lockscreen persistence ransomware signed slocker

Link:

https://www.filescan.io/uploads/69cbf07fe2df9aa488c02a72/reports/25761f67-e55c-4323-8866-855efae8967e/overview

Gathering data

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b

Verdict:

Malicious

File Type:

apk

First seen:

2026-03-31T14:05:00Z UTC

Last seen:

2026-03-31T14:59:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b/results?tab=lookup

Score:

99%

Verdict:

Malware

File Type:

APK

Link:

https://malprob.io/report/d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b/

Threat name:

Android.Ransomware.Congur

Status:

Malicious

First seen:

2026-03-31 16:04:24 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

12 of 22 (54.55%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=254ozm3tqa3p4avqzr3iif6x6qib2lbccenohrgn3rsitablfvfq._file

Result

Malware family:

n/a

Score:

6/10

Tags:

android

Link:

https://tria.ge/reports/260331-th2jaaby6q/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/d778ecb3738036fe02b0cc768417d7f4101d2c22111ae3c4cddc6489802b2d4b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample